CISA releases 4 Industrial Control Systems Advisories

Cybersecurity and Infrastructure Security Agency sent this bulletin at 04/05/2022 01:11 PM EDT

Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow

You are subscribed to no topic for Cybersecurity and Infrastructure Security Agency. This information has recently been updated, and is now available.

4/5/2022 1:11 PM EDT

ICS-CERT released the following 4 advisories today, April 5, 2022. Click on the links below for more detailed information on these Industrial Control Systems vulnerabilities.

LifePoint Informatics Patient Portal

This advisory contains mitigations for an Authentication Bypass Using Alternate Path or Channel vulnerability in the LifePoint Informatics Patient Portal, a website containing patient health data.

Rockwell Automation ISaGRAF

This advisory contains mitigations for a Deserialization of Untrusted Data vulnerability in Rockwell Automation ISaGRAF products.

Johnson Controls Metasys

This advisory contains mitigations for a Server-side Request Forgery vulnerability in Johnson Controls Metasys building automation systems.

Phillips Vue PACS (Update B)

This updated advisory is a follow-up to the advisory update titled ICSMA-21-87-01 Philips Vue PACS (Update A) that was published January 20, 2022, to the ICS webpage on www.cisa.gov/uscert/ics. This advisory contains mitigations for numerous vulnerabilities in Philips Vue PACS products.

Having trouble viewing this message? View it as a webpage.

You are subscribed to updates from the Cybersecurity and Infrastructure Security Agency (CISA)
Manage Subscriptions | Privacy Policy | Help

Connect with CISA:
Facebook | Twitter | Instagram | LinkedIn | YouTube